The major factors that determine the performance of the second-order correlation power analysis (SOCPA) include the accuracy of the power model and the correlation between the hypothetical intermediate value and preprocessed power consumption. Because of the tradeoff between the accuracy and correlation, the correlation coefficient of the general SOCPA using 8-bit SubBytes output is only up to 0.35. Therefore, based on the operational characteristic of the cryptographic algorithm, we propose to find a special intermediate value, called sparse intermediate value (SIV). The SIV significantly improves the performance of the SOCPA because it accurately models the power consumption while the correlation coefficient is 1.00. Further, the experimental results on OpenSSL advanced encryption standard (AES) show that the SIV-based SOCPA can disclose the entire secret key with only about a quarter of the power trace required by the general SOCPA.
Practical Second-Order Correlation Power Analysis on the Message Blinding Method and Its Novel Countermeasure for RSA
